Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

wrapper php


marcos61

Recommended Posts

Wrapper.php for OsCommerce is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Often from my admin/whosonline I can see things like: /shop/wrapper.php?file=http://site.xx/images?

Can't understand what's happening, what's the trick, what I loose and what they can gain from this.

Anybody knows hot to fix it?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...